kern/87255: Large malloc-backed mfs crashes the system

Yar Tikhiy yar at comp.chem.msu.su
Tue Oct 11 07:40:19 PDT 2005 

>Number:         87255
>Category:       kern
>Synopsis:       Large malloc-backed mfs crashes the system
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Oct 11 14:40:16 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Yar Tikhiy
>Release:        FreeBSD-CURRENT
>Organization:
MSU
>Environment:
	FreeBSD-CURRENT as of October, 7.

>Description:
	Filling up a too large malloc-backed mfs disk results
	in a well-reproducible system panic.  While it is bogus
	to give nearly all RAM to a malloc-backed mfs disk, the
	system ideally shouldn't panic either, but return a error
	at some earlier point.

	This issue was initially mentioned in PR bin/87218.

>How-To-Repeat:
	On a machine with 256M of RAM:

	# mdmfs -s 200M -S -M /dev/md0 /mnt
	# cat /dev/urandom > /mnt/foo
	[system croaks and panics in a few seconds]

	Pre-panic and panic messages:

	g_vfs_done():md0[WRITE(offset=124108800, length=131072)]error = 28
	g_vfs_done():md0[WRITE(offset=52543488, length=6144)]error = 28
	[quite a bunch of such g_vfs_done() error messages precedes panic]
	panic: bundirty: buffer 0xc63c78b0 still on queue 1

	Kernel backtrace:

#11 0xc04dae87 in panic (
    fmt=0xc06578d1 "bundirty: buffer %p still on queue %d")
    at /usr/src/sys/kern/kern_shutdown.c:539
#12 0xc051f52d in bundirty (bp=0xc63c78b0) at /usr/src/sys/kern/vfs_bio.c:1036
#13 0xc051fe60 in brelse (bp=0xc63c78b0) at /usr/src/sys/kern/vfs_bio.c:1346
#14 0xc0522ca6 in bufdone (bp=0xc63c78b0) at /usr/src/sys/kern/vfs_bio.c:3183
#15 0xc05d7346 in ffs_backgroundwritedone (bp=0xc63c78b0)
    at /usr/src/sys/ufs/ffs/ffs_vfsops.c:1537
#16 0xc05229ba in bufdone (bp=0xc63c78b0) at /usr/src/sys/kern/vfs_bio.c:3051
#17 0xc04a9aa6 in g_vfs_done (bip=0x0) at /usr/src/sys/geom/geom_vfs.c:86
#18 0xc0522694 in biodone (bp=0xc1281294) at /usr/src/sys/kern/vfs_bio.c:2894
#19 0xc04a741f in g_io_schedule_up (tp=0xc1108300)
    at /usr/src/sys/geom/geom_io.c:510
#20 0xc04a76f6 in g_up_procbody () at /usr/src/sys/geom/geom_kern.c:95
#21 0xc04c7d74 in fork_exit (callout=0xc04a769c <g_up_procbody>, arg=0x0,
    frame=0xcbdcbd38) at /usr/src/sys/kern/kern_fork.c:789
#22 0xc061e8bc in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:208

>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list